9.8
CVE-2025-9242
- EPSS 86.37%
- Veröffentlicht 17.09.2025 07:29:23
- Zuletzt bearbeitet 14.11.2025 02:00:02
- Quelle 5d1c2695-1a31-4499-88ae-e84703
- CVE-Watchlists
- Unerledigt
WatchGuard Firebox iked Out of Bounds Write Vulnerability
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Watchguard ≫ Fireware Version >= 11.10.2 < 12.11.4
Watchguard ≫ Firebox M270
Watchguard ≫ Firebox M290
Watchguard ≫ Firebox M370
Watchguard ≫ Firebox M390
Watchguard ≫ Firebox M440
Watchguard ≫ Firebox M4600
Watchguard ≫ Firebox M470
Watchguard ≫ Firebox M4800
Watchguard ≫ Firebox M5600
Watchguard ≫ Firebox M570
Watchguard ≫ Firebox M5800
Watchguard ≫ Firebox M590
Watchguard ≫ Firebox M670
Watchguard ≫ Firebox M690
Watchguard ≫ Firebox Nv5
Watchguard ≫ Firebox T20
Watchguard ≫ Firebox T25
Watchguard ≫ Firebox T40
Watchguard ≫ Firebox T45
Watchguard ≫ Firebox T55
Watchguard ≫ Firebox T70
Watchguard ≫ Firebox T80
Watchguard ≫ Firebox T85
Watchguard ≫ Fireboxcloud
Watchguard ≫ Fireboxv
Watchguard ≫ Firebox M290
Watchguard ≫ Firebox M370
Watchguard ≫ Firebox M390
Watchguard ≫ Firebox M440
Watchguard ≫ Firebox M4600
Watchguard ≫ Firebox M470
Watchguard ≫ Firebox M4800
Watchguard ≫ Firebox M5600
Watchguard ≫ Firebox M570
Watchguard ≫ Firebox M5800
Watchguard ≫ Firebox M590
Watchguard ≫ Firebox M670
Watchguard ≫ Firebox M690
Watchguard ≫ Firebox Nv5
Watchguard ≫ Firebox T20
Watchguard ≫ Firebox T25
Watchguard ≫ Firebox T40
Watchguard ≫ Firebox T45
Watchguard ≫ Firebox T55
Watchguard ≫ Firebox T70
Watchguard ≫ Firebox T80
Watchguard ≫ Firebox T85
Watchguard ≫ Fireboxcloud
Watchguard ≫ Fireboxv
Watchguard ≫ Fireware Version >= 11.10.2 < 12.5.13
Watchguard ≫ Fireware Version2025.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login12.11.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
WatchGuard Firebox Out-of-Bounds Write Vulnerability
SchwachstelleWatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 86.37% | 0.997 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
https://github.com/watchtowrlabs/watchTowr-vs-WatchGuard-CVE-2025-9242/blob/main/watchTowr-vs-WatchGuard-CVE-2025-9242.py
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-9242